A few mail servers are on blacklists

Mail5 (173.0.142.41) is listed on SORBS and LASHBACK

Mail3 (173.0.137.191) is listed on UCEPROTECTL1 and ivmSIP

This is causing mail to be bounced back to us and our customers. Please look into this.
 
Already working on it. I mail a lot from mail5 but am not getting bounces; of course this really doesn't mean a lot, as the people I mail probably don't use those lists, whereas the ones you/yours do use them.

We already stopped the spam that did this, many times coming from users having a virus infection on their PC :(
 
We did a temporary fix by changing the IP for outgoing mail until the Mail-3 main IP is delisted from the blacklist. Mail seems to be delivering fine now, as per monitoring the logs.
For Mail-5, we have already requested delisting from LASHBACK and they should delist the IP in the coming few hours. However, as per the logs, it isn't bouncing mail.

If the problem still persists, then please provide us a recent bounce message in the ticket.
 
Mail3 seems to be listed as high risk as reported by http://www.commtouch.com
IP Query Result:
IP Address: 173.0.136.173
Risk Level: High Risk
Description: This IP address is used for sending Spam on a regular basis

One particular customer has been getting bounces since Friday.
Ticket has been lodged
 
This IP "173.0.136.173" is no longer listed as high risk, and it is not used anymore for sending out mail from the Mail-3 server.
It was used only for a temporary purpose when there were issues with Mail-3's own IP, i.e. "173.0.137.191". But now there is no such blocking issue with IP "173.0.137.191" and it is currently used for sending out mail from the server.
 
This IP address 173.0.136.149 is shown by http://www.commtouch.com

Can you somehow fix this?

IP Query Result:
IP Address: 173.0.136.149
Risk Level: Medium Risk
Description: This IP address is frequently used for sending Spam
 
I don't see anything about new member on your account, and we know how long you have been :)

The issue with mail servers of late has simply been an incredible number of people having password-stealing infections or weak passwords, and their accounts, some of which have been in place for years, being used for sending emails from botnets just recently. It is really getting to be an issue, because to turn it off you end up angering someone who can't use their email anymore, or they delete the abuse mail we send with info about it, etc. Mail handling is really getting to be a big job with these matters.

We are on this daily, making sure email servers are not being abused.
 
Stephen, someone is using one of my domains to send spam because I get several of these every day. They aren't coming from my domain's mail server (I changed the password recently). What can I do? I'm worried the domain will get blacklisted and affect everyone else here at JodoHost.
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Spam detection software, running on the system "mail3.myhsphere.biz", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.

Content preview: This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed. [email protected] [...]


Content analysis details: (9.1 points, 7.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: doctorfar.ru]
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: doctorfar.ru]
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: doctorfar.ru]
2.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: doctorfar.ru]

The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
Please check whether you have SPF enabled on your domain. If not, you can get it enabled with the support team's help.
There isn't much that can be done about it due to the design of the SMTP protocol.
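
What enabling SPF changes for the forged-sender case in this thread, as an added example that is not part of the original posts: a minimal evaluator for the `ip4`, `ip6` and `all` mechanisms of an SPF record. The record strings and the 203.0.113.50 address are constructed; 173.0.137.191 is the Mail3 address quoted above, assumed here to be the domain's only legitimate sender.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF TXT record.

    Returns 'none', 'pass', 'fail', 'softfail' or 'neutral'.
    Mechanisms that need DNS lookups (a, mx, include, ...) and
    modifiers (redirect=, exp=) are skipped in this offline sketch.
    """
    parts = (record or "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return "none"  # no SPF record: receivers cannot tell forged from real
    ip = ipaddress.ip_address(sender_ip)
    for term in parts[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term

MAIL_SERVER = "173.0.137.191"  # Mail3 address from the thread
FORGER = "203.0.113.50"        # constructed (documentation range)

# Constructed records for a hypothetical customer domain.
RECORDS = {
    "no record": None,
    "softfail": "v=spf1 ip4:173.0.137.191 ~all",
    "hardfail": "v=spf1 ip4:173.0.137.191 -all",
}

def demo():
    """Map each record label to (result for real server, result for forger)."""
    return {label: (check_spf(rec, MAIL_SERVER), check_spf(rec, FORGER))
            for label, rec in RECORDS.items()}

if __name__ == "__main__":
    for label, (legit, forged) in demo().items():
        print(f"{label:10s} mail server: {legit:8s} forger: {forged}")
```

Only the `-all` record lets a receiving server reject the forged message during the SMTP session instead of accepting it and later bouncing it to the forged address.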